The Europay, MasterCard and Visa (EMV) and Single Euro Payments Area (SEPA) standards don't appear to have a lot in common, but there is one alarming similarity — the tortoise-like pace of migration which threatens deadlines for both.
"The disruptive changes are the common elements between EMV and SEPA, not just for merchants but for the broader payments community," says Brian Shniderman, the owner/principal and payments practice lead at Deloitte.
The slow pace for both EMV and SEPA is largely a result of highly complex tech upgrades. There are numerous projects, but the two mentioned most often by analysts include repairs to error-prone legacy systems as part of SEPA; and the ongoing efforts by card networks to guide U.S. EMV chip-card migration.
SEPA, which carries a February 2014 deadline in most cases, is designed to streamline processing for international and domestic payments in the euro zone via common payment instruments. Progress is woefully behind in both migration and ensuring data quality. New research from Experian says only 65% of euro transactions are underpinned by fully accurate destination routing data and 12% of electronic payments made to and from businesses in euros contain data errors.
Experian also says that as of November 2012 (the most recent date for which information is available), only 2% of direct debit volume had been migrated to SEPA for both domestic and cross-border payments in the euro zone, despite the long-time knowledge of the 2014 deadline and warnings about tough migration.
The SEPA migration is being complicated by a reliance on workarounds that banks have used to mask data errors in the past, such as domestic payments getting routed to bank locations that no longer exist, says Jonathan Williams, director of payment strategy for Experian.
Most banks correct those mistakes based on experience and local knowledge of the customers, he says. That fix will no longer be available after the SEPA deadline, when all payments will require the use of common standards for euro credit and debit transactions for domestic and cross-border payments.
"At the moment the domestic systems can cope with a certain amount of error. It's a common practice in Europe, so it's masking that fact that there is a problem with payment transactions," Williams says.
With each failed transaction under SEPA costing about $68 in penalties, there would appear to be incentive to correct data shortcomings. But Williams says migration is complex, and is taking a lot of time.
For example, migrating existing customer records to the International Bank Account (Iban) standard required by SEPA will be a difficult because of the sheer number of accounts, and as a result large businesses face challenges in migrating and maintaining SEPA-compliance mandated information in time for the 2014 deadline, he says.
Also complicating migration is the need for businesses to check underlying bank data prior to migrating to the Iban format, since pre-existing errors will jeopardize future payments.
"For example, you may need to upgrade your ERP [enterprise resource planning] or CRM [customer relationship management] systems, or make changes to the website, and there's lead time to making these changes. So we may wind up getting the migration closer to the deadline than we would like," Williams says.
In the U.S., the slow migration from magnetic-stripe cards to EMV chip cards has merchant groups warning they may miss certain deadlines. Visa and MasterCard each made recent moves to alleviate one of the hurdles to migration, the need for a common application identifier, but merchant groups are hesitant to consider the matter resolved.
Knowledge of the EMV standards and details of what is required before the card networks' liability shift deadlines is no longer a problem in the payment industry, says Deb Baxley, a principal in the cards and payments practice at Capgemini.
"It's more of a resource gap than a knowledge gap. The number of people needed to work on a migration and systems integration will stress [IT shops]," she says.
For the most part, stakeholders have a migration plan, but have not begun testing new systems, Baxley says. "Nothing like that has started yet and it's not going to happen until next year."
The slow pace raises the question of what will happen if the deadlines for either SEPA or EMV are missed.
In Europe, most banks would likely take steps to help laggards, says Christophe Vergne, principal lead in the global cards and payments practice at Capgemini.
"The theory is banks are expecting their clients to provide instructions in the right format, but some clients will not be ready to do so in Feb 2014, so banks would be not be in a position to process transactions," he says. "In practice the banks will likely find a way to do so by reformatting or providing outsourced services. It's not likely that the banks will reject transactions."
In the case of EMV, missed deadlines will emphasize risk issues, Baxley says.
"The only mandate is to handle EMV transactions. There are sticks and carrots in terms of PCI compliance, but if the country doesn't move to EMV, it will be a target for more fraud. That's already happening," Baxley says.
Shniderman says in the U.S., EMV liability shift deadlines may have to get pushed back if the slow pace continues. "If I had to use a crystal ball, it would seem likely that there will need to be some loosening of the timeframes," he says.